Client Management Guide

The Client Management API allows you to programmatically manage Auth0 applications (also known as clients).

Prerequisites

Ensure you have initialized a management client:

import (
    "context"
    "github.com/auth0/go-auth0/v2/management"
    "github.com/auth0/go-auth0/v2/management/client"
    "github.com/auth0/go-auth0/v2/management/option"
)

mgmt, err := client.New(
    "your-tenant.auth0.com",
    option.WithClientCredentials(
        context.Background(),
        "YOUR_CLIENT_ID",
        "YOUR_CLIENT_SECRET",
    ),
)

Application Types

Auth0 supports several application types:

Native - Mobile or desktop applications
SPA - Single Page Applications (JavaScript)
Regular Web Application - Traditional server-side web apps
Machine to Machine - Backend services and APIs

Creating Clients

Single Page Application
Native Application
Regular Web Application
Machine to Machine

Create a SPA client for JavaScript applications:

createRequest := &management.CreateClientRequestContent{
    Name:    "My React App",
    AppType: &management.ClientAppTypeEnumSpa,
    Callbacks: []string{
        "http://localhost:3000/callback",
        "https://myapp.com/callback",
    },
    AllowedOrigins: []string{
        "http://localhost:3000",
        "https://myapp.com",
    },
    WebOrigins: []string{
        "http://localhost:3000",
        "https://myapp.com",
    },
    AllowedLogoutUrls: []string{
        "http://localhost:3000",
        "https://myapp.com",
    },
    OidcConformant: management.Bool(true),
    JwtConfiguration: &management.ClientJwtConfiguration{
        Algorithm:         management.String("RS256"),
        LifetimeInSeconds: management.Int(3600),
    },
}

client, err := mgmt.Clients.Create(ctx, createRequest)
if err != nil {
    return err
}

fmt.Printf("Created client: %s (ID: %s)\n",
    *client.GetName(),
    *client.GetClientID(),
)

Create a native client for mobile/desktop apps:

createRequest := &management.CreateClientRequestContent{
    Name:    "My Mobile App",
    AppType: &management.ClientAppTypeEnumNative,
    Callbacks: []string{
        "myapp://callback",
        "com.myapp://callback",
    },
    AllowedLogoutUrls: []string{
        "myapp://logout",
    },
    OidcConformant: management.Bool(true),
    JwtConfiguration: &management.ClientJwtConfiguration{
        Algorithm: management.String("RS256"),
    },
    NativeSocialLogin: &management.ClientNativeSocialLogin{
        Apple: &management.ClientNativeSocialLoginApple{
            Enabled: management.Bool(true),
        },
        Facebook: &management.ClientNativeSocialLoginFacebook{
            Enabled: management.Bool(true),
        },
    },
}

client, err := mgmt.Clients.Create(ctx, createRequest)

Create a traditional server-side web application:

createRequest := &management.CreateClientRequestContent{
    Name:    "My Web App",
    AppType: &management.ClientAppTypeEnumRegularWeb,
    Callbacks: []string{
        "https://myapp.com/callback",
        "https://staging.myapp.com/callback",
    },
    AllowedLogoutUrls: []string{
        "https://myapp.com",
        "https://staging.myapp.com",
    },
    OidcConformant: management.Bool(true),
    JwtConfiguration: &management.ClientJwtConfiguration{
        Algorithm:         management.String("RS256"),
        LifetimeInSeconds: management.Int(36000),
    },
}

client, err := mgmt.Clients.Create(ctx, createRequest)

Create an M2M client for backend services:

createRequest := &management.CreateClientRequestContent{
    Name:           "My Backend Service",
    AppType:        &management.ClientAppTypeEnumNonInteractive,
    OidcConformant: management.Bool(true),
    JwtConfiguration: &management.ClientJwtConfiguration{
        Algorithm:         management.String("RS256"),
        LifetimeInSeconds: management.Int(86400),
    },
}

client, err := mgmt.Clients.Create(ctx, createRequest)

Reading Clients

Get a Single Client

clientID := "abc123xyz789"

client, err := mgmt.Clients.Read(ctx, clientID)
if err != nil {
    return err
}

fmt.Printf("Client: %s\n", *client.GetName())
fmt.Printf("Type: %s\n", *client.GetAppType())
fmt.Printf("Callbacks: %v\n", client.Callbacks)

List All Clients

listRequest := &management.ListClientsRequestParameters{
    PerPage: management.Int(25),
}

clientsPage, err := mgmt.Clients.List(ctx, listRequest)
if err != nil {
    return err
}

for _, client := range clientsPage.Results {
    fmt.Printf("Client: %s (%s)\n",
        *client.GetName(),
        *client.GetClientID(),
    )
}

Filter by Application Type

listRequest := &management.ListClientsRequestParameters{
    AppType: management.String("spa"),
    PerPage: management.Int(50),
}

clientsPage, err := mgmt.Clients.List(ctx, listRequest)

Select Specific Fields

import "net/url"

queryParams := url.Values{}
queryParams.Set("fields", "client_id,name,app_type,callbacks")
queryParams.Set("include_fields", "true")

listRequest := &management.ListClientsRequestParameters{
    AppType: management.String("spa"),
}

clientsPage, err := mgmt.Clients.List(
    ctx,
    listRequest,
    option.WithQueryParameters(queryParams),
)

Updating Clients

Update Basic Info
Update Callbacks
Update JWT Configuration
Update Grant Types

Update basic client information:

updateRequest := &management.UpdateClientRequestContent{
    Name:        management.String("My Updated App"),
    Description: management.String("Updated description"),
    LogoURI:     management.String("https://example.com/logo.png"),
}

client, err := mgmt.Clients.Update(ctx, clientID, updateRequest)

Update callback and origin URLs:

updateRequest := &management.UpdateClientRequestContent{
    Callbacks: []string{
        "https://myapp.com/callback",
        "https://staging.myapp.com/callback",
        "https://dev.myapp.com/callback",
    },
    AllowedOrigins: []string{
        "https://myapp.com",
        "https://staging.myapp.com",
        "https://dev.myapp.com",
    },
    AllowedLogoutUrls: []string{
        "https://myapp.com",
        "https://staging.myapp.com",
    },
}

client, err := mgmt.Clients.Update(ctx, clientID, updateRequest)

Update JWT token settings:

updateRequest := &management.UpdateClientRequestContent{
    JwtConfiguration: &management.ClientJwtConfiguration{
        Algorithm:         management.String("RS256"),
        LifetimeInSeconds: management.Int(7200),
        SecretEncoded:     management.Bool(false),
    },
}

client, err := mgmt.Clients.Update(ctx, clientID, updateRequest)

Configure allowed OAuth grant types:

updateRequest := &management.UpdateClientRequestContent{
    GrantTypes: []management.ClientGrantTypeEnum{
        management.ClientGrantTypeEnumAuthorizationCode,
        management.ClientGrantTypeEnumRefreshToken,
    },
}

client, err := mgmt.Clients.Update(ctx, clientID, updateRequest)

Advanced Client Configuration

Configure Refresh Tokens

updateRequest := &management.UpdateClientRequestContent{
    RefreshToken: &management.ClientRefreshToken{
        RotationType:   management.ClientRefreshTokenRotationTypeEnumRotating.Ptr(),
        ExpirationType: management.ClientRefreshTokenExpirationTypeEnumExpiring.Ptr(),
        Leeway:         management.Int(0),
        TokenLifetime:  management.Int(2592000), // 30 days
        InfiniteTokenLifetime:           management.Bool(false),
        InfiniteIdleTokenLifetime:       management.Bool(false),
        IdleTokenLifetime:               management.Int(1296000), // 15 days
    },
}

client, err := mgmt.Clients.Update(ctx, clientID, updateRequest)

Configure CORS Settings

updateRequest := &management.UpdateClientRequestContent{
    AllowedOrigins: []string{
        "https://myapp.com",
        "https://staging.myapp.com",
    },
    WebOrigins: []string{
        "https://myapp.com",
        "https://staging.myapp.com",
    },
    CrossOriginAuth: management.Bool(false),
}

client, err := mgmt.Clients.Update(ctx, clientID, updateRequest)

Configure Mobile Settings

updateRequest := &management.UpdateClientRequestContent{
    Mobile: &management.ClientMobile{
        Android: &management.ClientMobileAndroid{
            AppPackageName: management.String("com.myapp.mobile"),
            Sha256CertFingerprints: []string{
                "AB:CD:EF:12:34:56:78:90",
            },
        },
        Ios: &management.ClientMobileIos{
            TeamID:      management.String("TEAM123"),
            AppBundleIdentifier: management.String("com.myapp.mobile"),
        },
    },
}

client, err := mgmt.Clients.Update(ctx, clientID, updateRequest)

Client Metadata

Add custom metadata to clients using WithBodyProperties:

import "github.com/auth0/go-auth0/v2/management/option"

customMetadata := map[string]interface{}{
    "custom_domain_verified": true,
    "integration_metadata": map[string]interface{}{
        "source":      "terraform",
        "environment": "production",
        "team":        "platform",
        "cost_center": "engineering",
    },
    "feature_flags": map[string]bool{
        "beta_features": true,
        "analytics":     true,
    },
}

createRequest := &management.CreateClientRequestContent{
    Name:    "My App with Metadata",
    AppType: &management.ClientAppTypeEnumSpa,
}

client, err := mgmt.Clients.Create(
    ctx,
    createRequest,
    option.WithBodyProperties(customMetadata),
)

Pagination

Iterate through all clients efficiently:

listRequest := &management.ListClientsRequestParameters{
    PerPage: management.Int(50),
}

clientsPage, err := mgmt.Clients.List(ctx, listRequest)
if err != nil {
    return err
}

iterator := clientsPage.Iterator()
for iterator.Next(ctx) {
    client := iterator.Current()
    fmt.Printf("Client: %s (%s)\n",
        *client.GetName(),
        *client.GetClientID(),
    )
}

if iterator.Err() != nil {
    return iterator.Err()
}

Deleting Clients

err := mgmt.Clients.Delete(ctx, clientID)
if err != nil {
    return err
}

fmt.Printf("Deleted client: %s\n", clientID)

Deleting a client is permanent and will break any applications using that client ID.

Working with Client Grants

List Client Grants

listRequest := &management.ListClientGrantsRequestParameters{
    ClientID: management.String(clientID),
}

grantsPage, err := mgmt.ClientGrants.List(ctx, listRequest)
if err != nil {
    return err
}

for _, grant := range grantsPage.Results {
    fmt.Printf("Grant ID: %s\n", *grant.GetID())
    fmt.Printf("Audience: %s\n", *grant.GetAudience())
    fmt.Printf("Scopes: %v\n", grant.Scope)
}

Create Client Grant

createGrantRequest := &management.CreateClientGrantRequestContent{
    ClientID: clientID,
    Audience: "https://api.example.com",
    Scope: []string{
        "read:data",
        "write:data",
    },
}

grant, err := mgmt.ClientGrants.Create(ctx, createGrantRequest)

Update Client Grant

updateGrantRequest := &management.UpdateClientGrantRequestContent{
    Scope: []string{
        "read:data",
        "write:data",
        "delete:data",
    },
}

grant, err := mgmt.ClientGrants.Update(ctx, grantID, updateGrantRequest)

Rotating Client Secrets

// Rotate the client secret
client, err := mgmt.Clients.RotateSecret(ctx, clientID)
if err != nil {
    return err
}

fmt.Printf("New client secret: %s\n", *client.GetClientSecret())

Rotating a client secret immediately invalidates the old secret. Update all applications using the old secret before rotating.

Complete Example

package main

import (
    "context"
    "fmt"
    "log"

    "github.com/auth0/go-auth0/v2/management"
    "github.com/auth0/go-auth0/v2/management/client"
    "github.com/auth0/go-auth0/v2/management/option"
)

func main() {
    mgmt, err := client.New(
        "your-tenant.auth0.com",
        option.WithClientCredentials(
            context.Background(),
            "YOUR_CLIENT_ID",
            "YOUR_CLIENT_SECRET",
        ),
    )
    if err != nil {
        log.Fatalf("Error creating management client: %v", err)
    }

    ctx := context.Background()

    // Create a new SPA client
    createRequest := &management.CreateClientRequestContent{
        Name:    "My React App",
        AppType: &management.ClientAppTypeEnumSpa,
        Callbacks: []string{
            "http://localhost:3000/callback",
            "https://myapp.com/callback",
        },
        AllowedOrigins: []string{
            "http://localhost:3000",
            "https://myapp.com",
        },
        OidcConformant: management.Bool(true),
        JwtConfiguration: &management.ClientJwtConfiguration{
            Algorithm:         management.String("RS256"),
            LifetimeInSeconds: management.Int(3600),
        },
    }

    newClient, err := mgmt.Clients.Create(ctx, createRequest)
    if err != nil {
        log.Fatalf("Error creating client: %v", err)
    }

    fmt.Printf("Created client: %s (ID: %s)\n",
        *newClient.GetName(),
        *newClient.GetClientID(),
    )

    // List all SPA clients
    listRequest := &management.ListClientsRequestParameters{
        AppType: management.String("spa"),
        Fields:  management.String("client_id,name,app_type,callbacks"),
        IncludeFields: management.Bool(true),
        PerPage: management.Int(10),
    }

    clientsPage, err := mgmt.Clients.List(ctx, listRequest)
    if err != nil {
        log.Fatalf("Error listing clients: %v", err)
    }

    fmt.Println("\nSPA Clients:")
    iterator := clientsPage.Iterator()
    for iterator.Next(ctx) {
        c := iterator.Current()
        fmt.Printf("- %s (%s)\n",
            *c.GetName(),
            *c.GetClientID(),
        )
    }

    if iterator.Err() != nil {
        log.Fatalf("Error iterating clients: %v", iterator.Err())
    }

    // Update the client
    updateRequest := &management.UpdateClientRequestContent{
        Description: management.String("Updated description for my app"),
        LogoURI:     management.String("https://example.com/logo.png"),
    }

    updatedClient, err := mgmt.Clients.Update(
        ctx,
        *newClient.GetClientID(),
        updateRequest,
    )
    if err != nil {
        log.Fatalf("Error updating client: %v", err)
    }

    fmt.Printf("\nUpdated client description: %s\n",
        *updatedClient.GetDescription(),
    )
}

Next Steps

User Management

Learn how to manage users

Connection Management

Learn how to manage connections

Request Options

Customize client operations with request options

Get Started

Core Concepts

Guides

Advanced

Migration

Client Management Guide

Prerequisites

Application Types

Creating Clients

Reading Clients

Get a Single Client

List All Clients

Filter by Application Type

Select Specific Fields

Updating Clients

Advanced Client Configuration

Configure Refresh Tokens

Configure CORS Settings

Configure Mobile Settings

Client Metadata

Deleting Clients

Working with Client Grants

List Client Grants

Create Client Grant

Update Client Grant

Rotating Client Secrets

Complete Example

Next Steps

User Management

Connection Management

Request Options

Build docs developers (and LLMs) love

Get Started

Core Concepts

Guides

Advanced

Migration

​Prerequisites

​Application Types

​Creating Clients

​Reading Clients

​Get a Single Client

​List All Clients

​Filter by Application Type

​Select Specific Fields

​Updating Clients

​Advanced Client Configuration

​Configure Refresh Tokens

​Configure CORS Settings

​Configure Mobile Settings

​Client Metadata

​Pagination

​Deleting Clients

​Working with Client Grants

​List Client Grants

​Create Client Grant

​Update Client Grant

​Rotating Client Secrets

​Complete Example

​Next Steps

User Management

Connection Management

Request Options

Build docs developers (and LLMs) love

Prerequisites

Application Types

Creating Clients

Reading Clients

Get a Single Client

List All Clients

Filter by Application Type

Select Specific Fields

Updating Clients

Advanced Client Configuration

Configure Refresh Tokens

Configure CORS Settings

Configure Mobile Settings

Client Metadata

Pagination

Deleting Clients

Working with Client Grants

List Client Grants

Create Client Grant

Update Client Grant

Rotating Client Secrets

Complete Example

Next Steps